
Pests of all kinds and how to fight them: Problem with Fakealert


 
20.05.2013, 22:33   #1
Andre_2708

Problem with Fakealert



Hello dear boarders,

I got a desperate call from my sister-in-law today: "my computer won't work anymore."

She had caught the Fakealert.

I started Windows in safe mode and ran a scan with MBAM and Avira.
See logs.

After that everything worked again; I have now also run all the other scans according to your instructions.

With GMER, unfortunately, the PC keeps crashing with a bluescreen.

I hope this information is enough for a start and that someone can help me.

Many thanks and kind regards



OTL Extras logfile created on: 20.05.2013 22:02:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snert\Desktop\20130520
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,83% Memory free
7,73 Gb Paging File | 5,64 Gb Available in Paging File | 73,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,90 Gb Total Space | 158,93 Gb Free Space | 55,78% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 6,90 Gb Free Space | 53,52% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 95,21 Mb Free Space | 95,84% Space Free | Partition Type: FAT32
Drive G: | 3,74 Gb Total Space | 3,48 Gb Free Space | 93,00% Space Free | Partition Type: FAT32

Computer Name: SNERT-PC | User Name: Snert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FF09416-5041-42D0-9910-EA94A5F21769}" = rport=138 | protocol=17 | dir=out | app=system |
"{3667D761-DA15-49CE-B00E-01AF8D8BA042}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3AD04E7D-6DB6-43DC-B3FB-C8ECDD118671}" = lport=138 | protocol=17 | dir=in | app=system |
"{4E37FDA2-0714-41D3-958C-113691EE7663}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{627D3370-B0AB-4A3E-8244-3E02F30AD424}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{64112CFD-40FF-43C9-AC2C-AF4EC7DF2096}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D8F6DE2-E742-4ED9-8776-9AA2D0FC3DB5}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8B3D7E43-ABF5-419A-8ECF-97F677EA65A6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{972CD8FC-3B6D-49F3-807C-DC6D6B205D42}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{99BB2111-A98E-4FFC-9CCD-4320D4F60828}" = lport=139 | protocol=6 | dir=in | app=system |
"{9C4C69B8-6023-4D0E-8BCF-39C06D168677}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A66D5C10-DD0C-45E5-B5B4-44C44918D7B3}" = lport=137 | protocol=17 | dir=in | app=system |
"{ABCB1AB8-C72F-44CF-8EB8-CDEF9F616381}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AD6E0791-B099-4015-9FFD-8DF29B11225F}" = rport=445 | protocol=6 | dir=out | app=system |
"{BFB25844-A7F6-4760-AB0B-42FB371646C8}" = lport=445 | protocol=6 | dir=in | app=system |
"{C2A4F617-3EB7-4BD8-BDF5-38EAD47544AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C32D41C8-27C9-4BCC-86E1-EA1E288348A0}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C3E4BFB3-3D3B-4845-B89E-D9999BD48C33}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D085A0A0-08B9-4A3F-991C-F4BB0A8FEF27}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D6811F4D-8784-4BBE-8D8A-C258046620DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D7705F2A-D41F-4A6E-8D3B-3AF8C0F432EE}" = rport=139 | protocol=6 | dir=out | app=system |
"{D9270FD3-DC79-4E21-8EB0-676282D60427}" = rport=137 | protocol=17 | dir=out | app=system |
"{F2442E11-6C25-4A5A-AD96-8CEAA27B516C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD262D36-187D-4A9F-8D62-81A806387776}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{133AF998-D29C-46BA-AFE9-1C149704609B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{13BD3596-7967-4542-A04E-0FA171BE17CE}" = protocol=17 | dir=in | app=c:\users\snert\appdata\roaming\icqm\icq.exe |
"{14117914-B05F-4106-ABD3-4DB526B0FB3B}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{17773A08-C66F-41DF-BE43-7107477EF472}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{18C861B5-AC05-42B5-8FE2-9DB8EC9B04D5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{1A49F825-D95C-4138-A873-841ABA9EBE95}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{1D72FDCE-C03D-49C5-A5C0-B42A58FFCD9B}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\frun.exe |
"{1DEAACF8-ECFD-4F54-980F-105C4CF82BBB}" = protocol=6 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{2371598E-30AA-4B3F-BC92-C0C6EC474909}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnamon.exe |
"{26C7EC76-5716-4D08-938D-425A1730B0FD}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{273097D3-4C76-4DC0-9E74-0FF666EFCE2E}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{2E68AAF7-03C6-4103-8E21-838A5DB9C2C3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{31525136-6673-4E8F-9FBF-3618775E2294}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{33720061-4FC7-4097-97B8-BC9BF64F8910}" = protocol=6 | dir=in | app=c:\users\snert\appdata\roaming\dropbox\bin\dropbox.exe |
"{37B6A74B-0833-4A01-9C41-49BE1CFD0F34}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{395A16F9-F0A1-4E26-9576-102484D683F7}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{3B50E571-A858-4195-92BC-DF80C272F0D5}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnamon.exe |
"{3C73A0A8-D374-456F-832F-4FACAEEF8F52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{4697801E-A184-4EE2-955C-32FAD204D1ED}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{48546769-8D18-455A-A77D-D6E09CF4A069}" = protocol=6 | dir=in | app=c:\users\snert\appdata\roaming\icqm\icq.exe |
"{4B823AE4-B8C0-4496-8FC1-C9F9AD5C7533}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{5215AAA8-F8FA-462F-9ED4-B5F9D3F064DF}" = protocol=17 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{55FF44CF-67CC-41FD-81F9-5AD2042FBB92}" = protocol=6 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{563AD57A-9D9D-4844-9F34-8B5681F50C23}" = protocol=17 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{575D420B-3E25-487B-BA00-43CBC25C6AB2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe |
"{59FDB2D7-6355-4AD7-B9DE-67647DC49386}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{5F621364-6D35-4F3C-BFAF-8E00171E16EE}" = dir=in | app=c:\users\snert\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{6283AF95-CCBD-4728-A78E-73114AEDAAAB}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe |
"{6D6C5DD5-E025-45FA-9245-FBECFE82BFB5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{778803FF-2674-4C53-B1BF-08FBB676DAAB}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{7A960745-9612-440F-9EB2-C13806264EAF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7D073F29-FBCC-4C7A-A405-FE168D4D2DF7}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{82ADED2A-78F7-4D2D-911E-C995D6945366}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\frun.exe |
"{854F08D5-4B90-48FF-8E77-AB9C11074496}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{87C4ADCD-7F76-4E74-8D3D-28E8ADE307CA}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{8C6AA0A3-2FD0-4F9E-97ED-5DB49D03022C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8DE57311-33BE-46BF-BC55-FC431F252D68}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8EE5C714-9A64-4D43-8EE1-014FFE72FA83}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{95B5A363-75B4-4262-8FE2-EDB841439EC4}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{9803AF5F-98E6-4A2B-98B8-69D4091A8EE0}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{9E353D46-020E-4748-8363-F23ECD5EF910}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{A411A07A-6A9C-4950-9624-41D9F5776011}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdntime.exe |
"{A7F2E508-4FA0-45B2-8135-3058F77F9973}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{AAA17A65-7D99-4334-B706-23BC5BBB5366}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AC7D1C4F-355C-4F6A-8807-3C729DC0027E}" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{B38452B2-8732-43E5-8620-6DCE3D4C4402}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{BAC4F637-7F0A-4080-8599-A8FEFE6AB3A5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD20AAEF-36F4-4FC5-8E1F-2ACB7E19785A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{CDDAE649-B3D0-4B0F-9E12-F62B07499F11}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdncoms.exe |
"{D03B1799-8CB9-49C6-BA3E-2358ECC56D46}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D2550A00-E9A3-4C2F-B07D-169FB550B83C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{D2947FA8-2044-4B29-AC2E-5E165B9A2CEC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D3CCCC77-EFEF-45F5-903C-3435374CB5D1}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\mediabar\datamngr\toolbar\dtuser.exe |
"{D657394F-EC5D-4281-B62C-6CE30AD43E30}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{D6F8AF41-315A-42C7-97A9-C31E87653EC1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdnjswx.exe |
"{DCC9ADE0-7CC8-459C-917A-5208D11473FF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe |
"{DF36F07A-095F-46AD-B9E3-81BFFF2F1FAF}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{E8ABDBBB-16D2-4235-8C9B-A6446551AFBD}" = protocol=6 | dir=in | app=c:\program files (x86)\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{E9805E87-6EB0-4B2B-BD47-A9D489292F51}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnmon.exe |
"{E9AEB5A5-235B-48BA-8B0A-0D10391A2700}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{ED6F99EF-C81A-46CA-9F13-5A75320A9471}" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"{F1B82A6A-4A31-475F-ADDD-52BA0DE0D653}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F2533B7E-AF73-4952-9296-BA59B85E14C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F54EFA53-BD74-4096-9600-447EA6907265}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{FB20E2F8-3361-4DB5-8445-27B301A360D0}" = protocol=17 | dir=in | app=c:\windows\system32\lxdncoms.exe |
"{FFEDF4C9-E27F-4B2F-B23C-9BF7A9B8543E}" = protocol=17 | dir=in | app=c:\users\snert\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{85DBE0BC-0BDA-4671-8AC9-38D080CE5132}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |
"TCP Query User{94F80C96-0195-4151-BDD3-66ED1F32D240}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=6 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"UDP Query User{6E237B22-9307-43A4-955F-EFDBAAD14ECB}C:\program files (x86)\imesh applications\imesh\imesh.exe" = protocol=17 | dir=in | app=c:\program files (x86)\imesh applications\imesh\imesh.exe |
"UDP Query User{EE717F35-2DBD-4F27-AF03-D465D01B94F0}C:\program files (x86)\lexmark 2600 series\lxdnlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 2600 series\lxdnlscn.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FBBDC2C-0ED4-A201-7EA3-EE6A848F76D5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{68201122-5B1D-70CF-6B4B-AB7732A782A5}" = ATI Catalyst Install Manager
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft-Maus- und Tastatur-Center
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Lexmark 2600 Series" = Lexmark 2600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Mouse and Keyboard Center" = Microsoft-Maus- und Tastatur-Center
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0893F6E8-D9F5-6225-6C08-F05E509BB84A}" = CCC Help French
"{105CE6E0-03DC-4FCE-BE7D-591F68752AB5}" = PC Sync Manager
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{109F3C58-CC58-777F-B937-3347F0A6A5E5}" = CCC Help Danish
"{10CCF16B-F1C9-4B24-9570-B4CCEE42392D}" = LightScribe System Software
"{114B6A6A-3B55-7796-3250-AA3FC23743A9}" = CCC Help Czech
"{11D0053C-4160-6257-91F6-0EDBAD10B66B}" = CCC Help Spanish
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D188C8-4071-5F61-42AF-F45115DEC4AA}" = CCC Help Thai
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{32D95703-A0EC-C75C-1D49-542887F73B89}" = Catalyst Control Center Localization All
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3718C4EC-BF5C-79FF-87FF-C08E8D21E052}" = CCC Help Chinese Standard
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A057951-7CF8-BB44-C823-3E6E8AF6BFB7}" = CCC Help Chinese Traditional
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD8D466-E5ED-AE3D-A089-BBDDA1EA2AB5}" = CCC Help Greek
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}" = muvee Reveal
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49404BCA-BC5F-519A-9822-07F4C0711C75}" = Catalyst Control Center Graphics Previews Vista
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6C8AA5-24BD-6AEA-1091-7056CEC7E7C0}" = Catalyst Control Center Graphics Light
"{4D3D893B-51CF-E89A-D536-0A658AE46140}" = CCC Help Swedish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51119170-3D3F-B137-E735-AE9D315B5CF4}" = Catalyst Control Center Graphics Full Existing
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68A0F54D-DB64-0ED9-C563-CE85C26CEE15}" = Catalyst Control Center Graphics Full New
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75053DEE-4BE5-3C4B-3FFC-3DA37ADE0347}" = CCC Help Hungarian
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{77973724-A5B7-4A2A-CAB5-D6EEE02C06FC}" = CCC Help Korean
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A852BDE-016A-CDAC-1401-E99317CB956C}" = CCC Help Italian
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{8132E9B3-7B40-8577-9CFE-8CB2DD0F21B3}" = ccc-core-static
"{84CE8562-9563-DEDA-FA31-F3BCF58B670B}" = CCC Help Polish
"{85E15059-42E9-4EAF-3CE9-17374870BA85}" = CCC Help German
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}" = iMesh
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{935BEAF7-6AAC-18BA-A8FF-8198602502DA}" = CCC Help Portuguese
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA66F70-CCBB-8E9E-0D8D-59E23EF770A4}" = Catalyst Control Center Core Implementation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F4F0BB-0A1C-3A5A-97B8-F7150725C173}" = CCC Help Turkish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE6FD3D5-6302-815B-B27D-61A2D296BD94}" = CCC Help Finnish
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BC146E5F-A2B0-40DB-90E7-2833807E98DF}" = HP User Guides 0183
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C93CFC00-267B-3564-273A-E2061DCF0DD1}" = CCC Help Norwegian
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D668BFA1-12CA-0692-D3BA-15CED8E126D2}" = CCC Help English
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5D5AC01-2095-566B-D92F-759DA0CB382B}" = Catalyst Control Center Graphics Previews Common
"{E8CF5CE7-02DC-042B-70B8-4A47F394663A}" = Catalyst Control Center InstallProxy
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EF15B806-FF50-B61F-490D-29373E8C0623}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FAEE8E0C-4D05-7079-2E05-23BB831BBA73}" = CCC Help Dutch
"{FDAB5C9C-76E1-E1D9-9CD6-9DAEFF8B9ECB}" = CCC Help Russian
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AND Route 2000 Deutschland" = AND Route 2000 Deutschland
"Avira AntiVir Desktop" = Avira Antivirus Premium
"Bertelsmann Discovery 2000 OEM1" = Bertelsmann Discovery 2000 OEM1
"entrusted Toolbar" = entrusted Toolbar
"FileConverter_1.3 Toolbar" = FileConverter 1.3 Toolbar
"Guard.Mail.ru" = Guard.ICQ
"iMesh" = iMesh
"iMesh 1 MediaBar" = MediaBar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Magic Encyclopedia" = Magic Encyclopedia
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.02.1578" = Opera 12.02
"Picasa 3" = Picasa 3
"PirateVille" = PirateVille
"SearchProtect" = Search Protect by conduit
"VLC media player" = VLC media player 0.9.9
"Wajam" = Wajam
"WEB.DE SmartSurfer" = WEB.DE SmartSurfer
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"XSManager" = XSManager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.05.2013 13:27:30 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 20.05.2013 13:27:30 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9751528

Error - 20.05.2013 13:27:30 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9751528

Error - 20.05.2013 13:27:31 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 20.05.2013 13:27:31 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9752574

Error - 20.05.2013 13:27:31 | Computer Name = Snert-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9752574

Error - 20.05.2013 13:27:47 | Computer Name = Snert-PC | Source = Google Update | ID = 20
Description =

Error - 20.05.2013 15:05:36 | Computer Name = Snert-PC | Source = Application Hang | ID = 1002
Description = Programm IEXPLORE.EXE, Version 10.0.9200.16576 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 1b74 Startzeit: 01ce558ce7c83d7d Endzeit: 9 Anwendungspfad:
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID:

Error - 20.05.2013 15:18:13 | Computer Name = Snert-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setuppending.exe, Version: 13.6.0.778,
Zeitstempel: 0x511e4145 Name des fehlerhaften Moduls: MSVCR100.dll, Version: 10.0.40219.325,
Zeitstempel: 0x4df2be1e Ausnahmecode: 0x40000015 Fehleroffset: 0x0008d6fd ID des fehlerhaften
Prozesses: 0xf68 Startzeit der fehlerhaften Anwendung: 0x01ce558eb0f84efb Pfad der
fehlerhaften Anwendung: C:\Windows\Temp\AVSETUP_519a75a9\setuppending.exe Pfad des
fehlerhaften Moduls: C:\Windows\system32\MSVCR100.dll Berichtskennung: 03ccdf12-c182-11e2-957d-c80aa96d328e

Error - 20.05.2013 15:20:59 | Computer Name = Snert-PC | Source = Application Hang | ID = 1002
Description = Programm avscan.exe, Version 13.6.0.1262 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1490 Startzeit:
01ce558f072078a0 Endzeit: 8231 Anwendungspfad: C:\program files (x86)\avira\antivir
desktop\avscan.exe Berichts-ID: 5c55bdf1-c182-11e2-957d-c80aa96d328e

[ Hewlett-Packard Events ]
Error - 17.12.2012 09:32:10 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 17.12.2012 09:32:10 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 17.12.2012 09:32:10 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 17.12.2012 09:32:10 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 17.12.2012 09:32:10 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 17.12.2012 09:32:10 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 17.12.2012 09:32:12 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 17.12.2012 09:32:14 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 17.12.2012 09:32:21 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033HPSF.exe bei System.DateTimeParse.Parse(String
s, DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 40 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

Error - 24.12.2012 11:42:53 | Computer Name = Snert-PC | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2146233033 bei System.DateTimeParse.Parse(String s,
DateTimeFormatInfo dtfi, DateTimeStyles styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Message: Die Zeichenfolge wurde nicht als gültiges DateTime erkannt.
StackTrace:
bei System.DateTimeParse.Parse(String s, DateTimeFormatInfo dtfi, DateTimeStyles
styles) bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.GetAppliedMessages()

bei HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
includeIgnored) Source: mscorlib Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: de-DE RAM: 3957
Ram
Utilization: 50 TargetSite: System.DateTime Parse(System.String, System.Globalization.DateTimeFormatInfo,
System.Globalization.DateTimeStyles)

[ HP Software Framework Events ]
Error - 12.05.2013 12:03:11 | Computer Name = Snert-PC | Source = hpqWmiEx | ID = 5
Description = 2013/05/12 18:03:11.939|00000FE0|Error |ChpqWmiExModule::Start|The
hpqwmiex service failed to start (1063). A system restart may correct this problem.

[ Media Center Events ]
Error - 17.01.2011 14:22:12 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 19:22:12 - Fehler beim Herstellen der Internetverbindung. 19:22:12
- Serververbindung konnte nicht hergestellt werden..

Error - 17.01.2011 14:22:21 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 19:22:18 - Fehler beim Herstellen der Internetverbindung. 19:22:18
- Serververbindung konnte nicht hergestellt werden..

Error - 25.01.2011 12:12:47 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 17:12:47 - Fehler beim Herstellen der Internetverbindung. 17:12:47
- Serververbindung konnte nicht hergestellt werden..

Error - 25.01.2011 12:12:55 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 17:12:52 - Fehler beim Herstellen der Internetverbindung. 17:12:52
- Serververbindung konnte nicht hergestellt werden..

Error - 28.01.2011 08:24:05 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 13:24:05 - Fehler beim Herstellen der Internetverbindung. 13:24:05
- Serververbindung konnte nicht hergestellt werden..

Error - 28.01.2011 08:24:15 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 13:24:10 - Fehler beim Herstellen der Internetverbindung. 13:24:10
- Serververbindung konnte nicht hergestellt werden..

Error - 07.02.2011 13:43:50 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 18:43:50 - Fehler beim Herstellen der Internetverbindung. 18:43:50
- Serververbindung konnte nicht hergestellt werden..

Error - 07.02.2011 13:44:01 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 18:43:55 - Fehler beim Herstellen der Internetverbindung. 18:43:55
- Serververbindung konnte nicht hergestellt werden..

Error - 24.02.2011 12:03:16 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 17:03:16 - Fehler beim Herstellen der Internetverbindung. 17:03:16
- Serververbindung konnte nicht hergestellt werden..

Error - 24.02.2011 12:03:24 | Computer Name = Snert-PC | Source = MCUpdate | ID = 0
Description = 17:03:21 - Fehler beim Herstellen der Internetverbindung. 17:03:21
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 20.05.2013 08:02:18 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 20.05.2013 10:08:26 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdnCATSCustConnectService erreicht.

Error - 20.05.2013 10:08:26 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 20.05.2013 14:53:45 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Presentation Foundation-Schriftartcache 3.0.0.0 erreicht.

Error - 20.05.2013 14:53:45 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0"
wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 20.05.2013 15:16:36 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
lxdnCATSCustConnectService erreicht.

Error - 20.05.2013 15:16:36 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lxdnCATSCustConnectService" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053

Error - 20.05.2013 15:25:13 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Search Protect by Conduit Updater" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.

Error - 20.05.2013 15:25:13 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "LightScribeService Direct Disc Labeling Service" wurde unerwartet
beendet. Dies ist bereits 1 Mal passiert.

Error - 20.05.2013 15:25:13 | Computer Name = Snert-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Skype C2C Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.


< End of report >




OTL logfile created on: 20.05.2013 22:02:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Snert\Desktop\20130520
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,87 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 56,83% Memory free
7,73 Gb Paging File | 5,64 Gb Available in Paging File | 73,01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,90 Gb Total Space | 158,93 Gb Free Space | 55,78% Space Free | Partition Type: NTFS
Drive D: | 12,90 Gb Total Space | 6,90 Gb Free Space | 53,52% Space Free | Partition Type: NTFS
Drive E: | 99,34 Mb Total Space | 95,21 Mb Free Space | 95,84% Space Free | Partition Type: FAT32
Drive G: | 3,74 Gb Total Space | 3,48 Gb Free Space | 93,00% Space Free | Partition Type: FAT32

Computer Name: SNERT-PC | User Name: Snert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.20 21:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Snert\Desktop\20130520\OTL.exe
PRC - [2013.05.20 21:09:39 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.20 21:09:21 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2013.05.20 21:09:17 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.05.20 21:09:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.20 21:09:12 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.07.26 23:08:58 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
PRC - [2012.02.25 16:39:49 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
PRC - [2011.06.01 19:17:15 | 001,546,672 | ---- | M] (iMesh, Inc) -- C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010.11.27 01:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe
PRC - [2009.05.14 17:31:02 | 000,157,456 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe
PRC - [2009.05.14 17:30:18 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe
PRC - [2009.01.29 17:43:55 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
PRC - [2009.01.29 17:43:53 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.12 07:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.10.05 12:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.08.31 12:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012.02.25 16:39:49 | 001,564,368 | ---- | M] () -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.05 03:58:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.10.16 13:10:14 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009.10.16 13:10:14 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009.10.16 13:10:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009.06.10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009.01.29 17:43:55 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
MOD - [2009.01.29 17:43:53 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
MOD - [2008.03.15 07:34:14 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
MOD - [2008.03.15 07:33:42 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
MOD - [2008.01.04 21:09:23 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll
MOD - [2008.01.04 21:09:23 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll
MOD - [2008.01.04 21:08:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007.11.22 18:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007.11.21 01:44:48 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
MOD - [2007.10.03 00:51:09 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
MOD - [2007.05.29 17:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
MOD - [2007.03.26 17:39:35 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009.11.25 08:17:18 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.02.28 01:07:47 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV:64bit: - [2008.02.28 01:07:39 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2013.05.20 21:09:39 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.20 21:09:21 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013.05.20 21:09:17 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.05.20 21:09:15 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.16 18:18:37 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 21:37:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.11 16:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2012.07.26 23:08:58 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2012.02.25 16:39:49 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2010.11.27 01:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.18 04:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009.10.01 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.22 16:13:48 | 000,304,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.06 02:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.05.14 17:30:18 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service)
SRV - [2009.02.22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.02.28 01:07:39 | 000,033,960 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2008.02.28 01:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdncoms.exe -- (lxdn_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.20 21:09:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.05.20 21:09:50 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.05.20 21:09:49 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.10.12 16:35:24 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012.10.09 20:31:14 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.20 09:42:44 | 003,678,720 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.14 05:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.05.29 15:43:35 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV:64bit: - [2009.11.25 08:52:16 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.19 04:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008.05.02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.05.02 10:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008.05.02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV - [2009.09.23 03:39:00 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.10.31 16:19:36 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\cmnsusbser.sys -- (cmnsusbser)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{7F1FB254-40E0-4A87-9FCC-429D00C045D6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=315&systemid=1&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {C65F3879-1DD9-4CA8-AEB2-80C52EDF28D8}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7F1FB254-40E0-4A87-9FCC-429D00C045D6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=315&systemid=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found
IE - HKCU\..\URLSearchHook: {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {C65F3879-1DD9-4CA8-AEB2-80C52EDF28D8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNC_deDE403
IE - HKCU\..\SearchScopes\{6A97BED5-0DAC-463F-ACD3-4AF2D853B8CC}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=0BF173DF-1E1D-45A9-815F-E186D60B873E&apn_sauid=D393948B-8941-48BE-A7F2-1575617C15AD
IE - HKCU\..\SearchScopes\{C65F3879-1DD9-4CA8-AEB2-80C52EDF28D8}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN51739867214239307&UM=2
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: %7B800b5000-a755-47e1-992b-48a1c1357f07%7D:1.5.3
FF - prefs.js..extensions.enabledAddons: %7B5a95a9e0-59dd-4314-bd84-4d18ca83a0e2%7D:1.26
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0038-ABCDEFFEDCBA%7D:6.0.38
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://172.20.0.1/autoconf.pac"
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Snert\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.16 18:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013.02.14 17:41:10 | 000,037,909 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.16 18:18:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.09.30 15:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snert\AppData\Roaming\mozilla\Extensions
[2013.05.06 21:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Snert\AppData\Roaming\mozilla\Firefox\Profiles\osnudy1d.default\extensions
[2012.12.11 21:56:09 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Snert\AppData\Roaming\mozilla\Firefox\Profiles\osnudy1d.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.10.15 14:12:07 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Users\Snert\AppData\Roaming\mozilla\Firefox\Profiles\osnudy1d.default\extensions\ffxtlbr@babylon.com
[2012.12.11 21:56:02 | 000,101,871 | ---- | M] () (No name found) -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\extensions\ciuvo-extension@icq.de.xpi
[2013.03.23 15:27:07 | 000,002,408 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\askcom.xml
[2012.10.15 14:12:22 | 000,002,549 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\browsemngr.xml
[2013.01.24 20:12:48 | 000,002,376 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icq.xml
[2013.05.14 07:56:52 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-1.xml
[2012.05.03 08:33:34 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-2.xml
[2013.03.23 15:26:42 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-3.xml
[2013.05.05 21:56:50 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-4.xml
[2013.05.16 18:19:33 | 000,000,950 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin-5.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin.src
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Snert\AppData\Roaming\mozilla\firefox\profiles\osnudy1d.default\searchplugins\icqplugin.xml
[2013.04.29 20:05:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.18 23:27:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.06 18:37:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.09.27 14:24:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.01 15:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.01.02 20:33:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2013.02.14 17:41:10 | 000,037,909 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\WAJAM\FIREFOX\{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}.XPI
[2013.05.16 18:18:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.05.16 18:18:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.15 14:11:50 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013.05.16 18:18:34 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.05.16 18:18:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.05.16 18:18:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.05.16 18:18:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.05.16 18:18:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.02.12 14:32:52 | 000,441,346 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15167 more lines...
O2:64bit: - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O2 - BHO: (UrlHelper Class) - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll (iMesh, Inc)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (entrusted Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\imeshdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (FileConverter 1.3 Toolbar) - {78e516ef-11de-47a1-8364-a99b917ec5ee} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (entrusted Toolbar) - {e44a1809-4d10-4ab8-b343-3326b64c7cdd} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FileConverter 1.3 Toolbar) - {78E516EF-11DE-47A1-8364-A99B917EC5EE} - C:\Program Files (x86)\FileConverter_1.3\prxtbFile.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (entrusted Toolbar) - {E44A1809-4D10-4AB8-B343-3326B64C7CDD} - C:\Program Files (x86)\entrusted\prxtbent0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE (iMesh, Inc)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Snert\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW File not found
O4 - HKCU..\Run: [ICQ] C:\Users\Snert\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Snert\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - Startup: C:\Users\Snert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Snert\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F91DD46-1B3C-4988-AE9D-B4FBA713DE16}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll (iMesh, Inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll (iMesh, Inc)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4c99e3c1-a612-11df-9295-c80aa96d328e}\Shell - "" = AutoRun
O33 - MountPoints2\{4c99e3c1-a612-11df-9295-c80aa96d328e}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{aa4fa8cf-6b27-11df-962c-c80aa96d328e}\Shell - "" = AutoRun
O33 - MountPoints2\{aa4fa8cf-6b27-11df-962c-c80aa96d328e}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.20 21:53:38 | 000,000,000 | ---D | C] -- C:\Users\Snert\Desktop\20130520
[2013.05.20 21:25:13 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013.05.20 21:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2013.05.20 21:19:30 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Roaming\Avira
[2013.05.20 21:18:46 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.20 21:18:46 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.20 21:18:46 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.20 21:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.05.20 21:18:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.05.20 13:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.20 13:23:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.20 13:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.20 13:23:29 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Local\Programs
[2013.05.20 11:32:50 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Care Antivirus
[2013.05.20 11:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\7A34EDDA0A5AC57C00007A3473AACAB0
[2013.05.19 10:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.05.19 10:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.05.19 10:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.05.19 10:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.05.19 10:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.05.15 20:03:57 | 000,000,000 | ---D | C] -- C:\Users\Snert\Desktop\Kochbuch
[2013.05.13 17:26:13 | 000,000,000 | ---D | C] -- C:\SearchProtect
[2013.05.10 20:13:01 | 000,000,000 | ---D | C] -- C:\Users\Snert\Desktop\Schulkram
[2013.05.07 17:16:15 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.05 21:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.05 21:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.01 13:39:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013.05.01 13:39:39 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Roaming\SearchProtect
[2013.05.01 13:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\entrusted
[2013.05.01 13:38:59 | 000,000,000 | ---D | C] -- C:\Users\Snert\AppData\Roaming\OpenCandy
[2013.04.24 19:14:02 | 000,000,000 | ---D | C] -- C:\Users\Snert\Desktop\Praktikum

========== Files - Modified Within 30 Days ==========

[2013.05.20 21:58:16 | 000,000,000 | ---- | M] () -- C:\Users\Snert\defogger_reenable
[2013.05.20 21:48:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.20 21:39:06 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3740440184-2078061406-2066729486-1000UA.job
[2013.05.20 21:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.20 21:23:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.20 21:23:58 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.20 21:19:07 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.20 21:17:36 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.20 21:16:35 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2013.05.20 21:16:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.20 21:16:21 | 3112,587,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.20 21:09:51 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.05.20 21:09:50 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.05.20 21:09:49 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.05.20 20:43:23 | 001,512,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.20 20:43:23 | 000,659,238 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.20 20:43:23 | 000,620,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.20 20:43:23 | 000,132,776 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.20 20:43:23 | 000,108,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.20 13:23:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.20 09:51:08 | 000,000,000 | ---- | M] () -- C:\END
[2013.05.20 09:39:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3740440184-2078061406-2066729486-1000Core.job
[2013.05.19 10:28:22 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.05.16 06:15:54 | 000,363,288 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.14 21:43:04 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSNERT-PC$.job
[2013.05.07 17:16:02 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.04.30 21:05:33 | 501,554,451 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013.05.20 21:58:16 | 000,000,000 | ---- | C] () -- C:\Users\Snert\defogger_reenable
[2013.05.20 21:19:07 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.20 13:23:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.19 10:28:22 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.22 17:01:17 | 501,554,451 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.10.16 17:10:48 | 000,000,005 | ---- | C] () -- C:\Users\Snert\AppData\Roaming\mbam.context.scan
[2012.05.09 19:04:49 | 000,000,579 | ---- | C] () -- C:\Windows\eReg.dat
[2011.07.08 20:26:22 | 000,000,000 | ---- | C] () -- C:\Users\Snert\AppData\Local\{6E42029C-07A0-4D23-8469-B4F91B9BDA29}
[2011.02.16 13:57:45 | 000,001,854 | ---- | C] () -- C:\Users\Snert\AppData\Roaming\GhostObjGAFix.xml

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.15 14:11:25 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Babylon
[2013.05.20 21:20:45 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Dropbox
[2013.01.24 20:06:42 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\ICQ
[2013.03.11 16:08:52 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\ICQ Search
[2013.01.24 20:15:36 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\ICQ-Profile
[2013.01.24 20:12:34 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\ICQM
[2010.06.04 22:44:14 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\iWin
[2010.12.07 22:13:41 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Lexmark Productivity Studio
[2011.06.27 01:06:44 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\muvee Technologies
[2013.05.01 13:53:06 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\OpenCandy
[2012.05.30 07:47:02 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Opera
[2010.11.25 15:08:07 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Pirateville
[2010.11.24 20:29:24 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\rondomedia
[2013.05.01 13:39:45 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\SearchProtect
[2010.09.03 19:01:39 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\SmartSurfer
[2012.02.12 13:13:18 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\TeamViewer
[2010.11.22 16:21:04 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\Twintale Entertainment
[2010.11.15 00:02:28 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\V-Games
[2010.09.03 00:47:24 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\WEBDE
[2010.05.30 11:23:17 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\WildTangent
[2012.09.09 21:57:08 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\XSManager
[2010.05.29 15:32:16 | 000,000,000 | ---D | M] -- C:\Users\Snert\AppData\Roaming\_MDLogs

========== Purity Check ==========



< End of report >

 
